Last.fm rejects Techcrunch claims of illegal behaviour

The war of words between music website Last.fm and Techcrunch has cranked up several gears, after the Silicon Valley news blog repeated its accusations that Last.fm broke its privacy policies - and the law - by handing over user data to the US music industry.

The latest accusations, published late on Friday, are a tweaked version of claims made in February that Last.fm user data has been passed on to the Recording Industry Association of America.

Despite the claims, though, Last.fm has responded to both salvoes with angry denials - the latest of which comes on the Last.fm forums, where Russ Garrett - who is the company's systems architect, and says he would have to approve any transfer of information - says no data was handed over, and that "it really seems like someone is trying to slander us here".

The article claims that "This source's information comes directly from Last.fm employees who he has spoken with." Nobody at Last.fm knows anything about such a leak. We didn't when they last wrote an article, and we don't now. Any suggestion that we were complicit in transferring user data to any third party is incorrect.

Any request for such data would have to be approved by myself first. The suggestion that CBS's ops team provided this data is just not possible - Last.fm operates as a separate entity and their operations staff do not have access to our system... Transferring personally identifiable data (i.e. IP addresses) from the UK to the US is against data protection laws. We wouldn't risk a lawsuit to pander to the RIAA's requests.

First time around, the accusations irked Last.fm co-founder Richard Jones so much that he wrote a blog post entitled "Techcrunch are full of shit". This time he engaged in a brief Twitter back-and-forth with Techcrunch editor Michael Arrington over the provenance of the story (Jones' user name is metabrew).

What's the truth here? It's impossible to tell, and the mud is starting to fly - which is likely to obscure things even more. In fact, I am loathe to repeat any aspect of the story because my own sources can't confirm anything one way or another, and Techcrunch has not provided any hard evidence; just accounts from anonymous, second-hand sources.

However, it's worth taking note of what's happened here because this is a very serious accusation - not simply because the RIAA is generally hated by the internet community, but (more importantly) that handing over that data would have broken the UK Data Protection Act.

For that reason, it's worth keeping an eye on. Whichever side of the coin the truth falls, there will no doubt be repercussions.